zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6

A flaw was found in the MiniZip component of the zlib package. When opening a new file, MiniZip doesn't properly validate the filename, comments, or extra fields length against the data type used to store this information. This may allow an attacker to craft a malicious ZIP file that will lead to...

HSTS long filename clears contents

When saving HSTS data to an excessively long filename, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...

PT-2023-29913 · Curl +6 · Curl +6

Name of the Vulnerable Software and Affected Versions: curl affected versions not specified Description: When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...

jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()

A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...

jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()

A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...

jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()

A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...

Tyler Technologies Magistrate Court Case Management Plus Authorization Issue Vulnerability

Tyler Technologies Magistrate Court Case Management Plus is a district court case management system from Tyler Technologies. A security vulnerability exists in Tyler Technologies Magistrate Court Case Management Plus. A remote attacker could use this vulnerability to upload, delete, and view file...

PT-2023-32623 · Tyler Technologies · Magistrate Court Case Management Plus

Name of the Vulnerable Software and Affected Versions: Tyler Technologies Magistrate Court Case Management Plus affected versions not specified Description: The issue allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the filename parameter in the...

CVE-2023-4590

Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler SEH registers...

CVE-2023-4590

Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler SEH registers...

Buffer overflow

Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler SEH registers...

CVE-2023-4590 Buffer Overflow vulnerability in Frhed

Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler SEH registers...

Frhed Buffer Error Vulnerability

Frhed is a binary file editor hex editor for Windows from the datadiode personal developer. A buffer error vulnerability exists in Frhed version 1.6.0 that originates from allowing an attacker to execute arbitrary code via the long filename parameter via the Structured Exception Handler SEH...

PT-2023-29754 · Frhed · Frhed

Name of the Vulnerable Software and Affected Versions: Frhed hex editor version 1.6.0 Description: The issue is a buffer overflow vulnerability that could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler SEH registers...

CLSA-2023-1700591071 kernel: Fix of 10 CVEs

openvswitch: fix OOB access in reservesfasize CVE-2022-2639 - xen/blkfront: fix leaking data in shared pages CVE-2022-26365 - Bluetooth: Fix slab-out-of-bounds read in hciextendedinquiryresultevt CVE-2020-36386 - btrfs: only search for leftinfo if there is no rightinfo in trymergefreespace...

CVE-2023-6142

Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim...

CVE-2023-6142

Dev Blog v1.0 is affected by an XSS vulnerability triggered via an unrestricted file upload with poor filename entropy. An attacker can upload a malicious HTML file and then guess the filename to deliver it to a victim. Affected component: Dev Blog (Node.js/Express/MongoDB) v1.0; root cause: lack...

CVE-2023-38879

The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'...

PT-2023-32541 · Dev Blog · Dev Blog

Name of the Vulnerable Software and Affected Versions: Dev blog version 1.0 Description: The issue allows an attacker to exploit a cross-site scripting XSS vulnerability through an unrestricted file upload, combined with a bad entropy of filenames. This enables the attacker to upload a malicious...

Fail to create MCS machine catalog with error ID: XDDS: F0522F7D

The following error occurs when creating a catalog using MCS: ------ Error Id: XDDS: F0522F7D Exception: DesktopStudioErrorld: ProvisioningTaskError ErrorCategory: NotSpecified ErrorID: DiskConsolidationFailed TaskErrorinformation: Terminated InternalErrorMessage: Invalid diskFilename: storage...